Re: MS Security Patch - Is It Bogus?

From: Bruce Chambers (bchambers_at_nospamcableone.net)
Date: 10/07/03


Date: Mon, 6 Oct 2003 20:26:14 -0600

Greetings --

What you received is either a very common malicious hoax or the
output of a computer infected by one of several wide-spread, mass
emailing worms. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html

Microsoft never has, does not currently, and never will email
unsolicited security patches. At the most, if, and only if, you
subscribe to their security notification newsletter, they will send
you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.

There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them.

Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace.  Or you can have freedom.  Don't ever count on
having both at once. -- RAH

"Jeffrey" <jeffreybabcock@cox.net> wrote in message
news:0aaa01c38c1d$780e9e30$a001280a@phx.gbl...
> I have received the message below at least four times
> supposedly from MS. Each time it has been nabbed by my
> AntiVirus software (Norton) indicating that it is
> infected by a virus. It comes "wrapped" in an official-
> looking MS format, etc. I assume that many others may be
> receiving the same message.
>
> Is this a real or bogus message? I cannot see the
> attachment. The language has some errors as well which
> makes it seem suspect, though language errors occur
> frequently on websites.
>
> Anyway, I wonder whether anyone else has received this
> message with similar or different results and/or some of
> you may know about this? MS makes it difficult to report,
> so I'm coming to the Newsgroup to at least raise
> awareness.
>
> Thanks
>
> Jeffrey
>
> MS Customer
>
> this is the latest version of security update,
> the "October 2003, Cumulative Patch" update which
> resolves all known security vulnerabilities affecting MS
> Internet Explorer, MS Outlook and MS Outlook Express as
> well as three new vulnerabilities. Install now to help
> protect your computer from these vulnerabilities, the
> most serious of which could allow an malicious user to
> run code on your computer. This update includes the
> functionality of all previously released patches.
>
>
>  System requirements  Windows 95/98/Me/2000/NT/XP
>  This update applies to  MS Internet Explorer, version
> 4.01 and later
> MS Outlook, version 8.00 and later
> MS Outlook Express, version 4.01 and later
>  Recommendation Customers should install the patch at the
> earliest opportunity.
>  How to install Run attached file. Choose Yes on
> displayed dialog box.
>  How to use You don't need to do anything after
> installing this item.
>
> Microsoft Product Support Services and Knowledge Base
> articles can be found on the Microsoft Technical Support
> web site. For security-related information about
> Microsoft products, please visit the Microsoft Security
> Advisor web site, or Contact Us.
>
> Thank you for using Microsoft products.
>
>

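The criteria given in the reply above (a message that claims to carry a Microsoft patch as an attachment, or that points anywhere other than Microsoft's own site, is bogus) can be turned into a mail-triage check that goes beyond subject-line matching. The following is an added example, not part of the original post: the function names, the wording cues and the sample message are constructed for illustration, and accepting any host under microsoft.com is an assumption.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

OFFICIAL_DOMAIN = "microsoft.com"  # assumption: any host under this domain is accepted
CLAIM_RE = re.compile(r"security (update|patch)|cumulative patch", re.I)  # assumed cues
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_official(host):
    # Exact or dot-anchored suffix match; a substring test would pass lookalike hosts.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def classify(raw):
    """Return (verdict, reasons) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    texts, reasons = [msg.get("Subject", "")], []
    for part in msg.walk():
        name = part.get_filename()
        if name or part.get_content_disposition() == "attachment":
            reasons.append("attachment: " + (name or "(unnamed)"))
        elif part.get_content_maintype() == "text":
            texts.append((part.get_payload(decode=True) or b"").decode("latin-1"))
    body = "\n".join(texts)
    claims_ms = re.search(r"\b(microsoft|ms)\b", msg.get("From", "") + " " + body, re.I)
    if not (claims_ms and CLAIM_RE.search(body)):
        return "not-a-patch-mail", []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not is_official(host):
            reasons.append("link to other host: " + host)
    return ("bogus" if reasons else "notice-only"), reasons

# Constructed sample modelled on the message quoted in the thread (not a real capture).
SAMPLE = """From: "Microsoft" <security@example.invalid>
Subject: Latest security update
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

this is the latest version of security update. Run attached file.
--b1
Content-Disposition: attachment; filename="patch.exe"

(placeholder bytes)
--b1--
"""
print(classify(SAMPLE))
```

A "notice-only" verdict corresponds to the one case the reply allows: a notification that a patch is available, with nothing attached and no link away from Microsoft.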
